Top Management College in Kolkata | PGDM College in India Praxis

In the early hours of Friday, July 19, computers running Microsoft Windows operating systems worldwide started displaying the Blue Screen of Death, revealing the cascading ‘digital doomsday’ effects that can arise from a single innocuous software failure.

The world seemed to have taken a huge pause and dialled back several decades to an era when consumers paid cash and airlines issued handwritten boarding passes. In the early hours of Friday, July 19, 2024, thousands of flights around the world, including in India, were cancelled as passengers could not check in. In the UK, the National Health Service stopped accepting patients, and customers could not use their credit cards in shopping malls, as computers running Microsoft Windows operating systems started showing Blue Screens of Death (BSODs).

Image: The dreaded “Blue Screen of Death” error screen

Soon, reports of disruptions started flooding in from around the world, including the UK, India, Germany, the Netherlands, and the US. Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights. The culprit behind these widespread Windows outages was identified as a faulty software update from cybersecurity giant CrowdStrike. Cybersecurity experts gave assurances that no virus or malicious cyberattack was involved. It was just one misconfigured or possibly corrupted update that CrowdStrike had unknowingly pushed out to its Windows clients.

This incident highlights the fragility of modern IT systems and the cascading effects that can arise from a single software failure. Nasdaq 100 E-Mini futures were down 0.37% as the widespread cyber outage that hit banks, airlines, and broadcasters weighed on investor sentiment. The outage sent shares of CrowdStrike tumbling 18% in premarket trading, while Microsoft stock fell more than 2% as the tech giant said the cybersecurity firm’s update of its Falcon software affected its Windows platforms. Elon Musk said it was the biggest-ever global IT crash.

Damage control efforts

Later in the day, Microsoft’s own estimates confirmed Musk’s initial reaction. This incident is indeed likely to be the largest cyber event on record, surpassing all previous major hacks and outages. Microsoft estimated that 8.5 million computers worldwide were disabled by the global IT outage resulting from the problematic software update. Although this figure represents less than 1% of all Windows devices globally, the broader economic and societal impacts were enormous due to CrowdStrike’s widespread use by enterprises running critical services. According to BBC reports, Microsoft was able to provide an accurate assessment of the number of affected devices due to its performance telemetry capabilities.

After the debacle, CrowdStrike engineers took to the company’s Reddit forum and posted “widespread reports of BSODs on Windows hosts” occurring across its software. They assured that developers were working on the error, and suggested an emergency workaround for affected machines. The company also issued instructions to its customers via an advisory.

CrowdStrike CEO George Kurtz appeared visibly agitated during a TODAY Show interview after the massive outage impacted Wall Street, airlines, and hospitals. Struggling to explain the cause, a misfire with a “single content update,” Kurtz stumbled over his words and had to pause for water. Host Savannah Guthrie questioned the lack of redundancy in their systems, noting the severity of the glitch. Social media reactions highlighted Kurtz’s nervous demeanour, with some expressing empathy for the CEO’s difficult situation on live TV.

The event serves as a reminder of the importance of prioritising safe software deployment and disaster recovery processes across the technology industry. CrowdStrike’s CEO has urged users to only download fixes from official company sources, as researchers have observed a spike in fraudulent websites designed to distribute malware or steal private information related to the incident. Cybersecurity agencies worldwide have advised IT managers to exclusively use CrowdStrike’s official website for information and assistance in the aftermath of this major outage.

The Chinese puzzle!

Interestingly, China largely escaped the widespread IT disruptions caused by the ill-fated software update. The simple reason is that CrowdStrike software is not widely used in China! Chinese organisations are typically reluctant to adopt technology from American firms that have themselves been outspoken about cybersecurity threats posed by China.

Overall, China is less reliant on Microsoft platforms compared to the rest of the world. Domestic Chinese tech giants like Alibaba, Tencent, and Huawei dominate the Cloud computing market, so reports of CrowdStrike-related outages in China were mostly limited to foreign companies and organisations operating there. Some Chinese social media users reported issues accessing international hotel chains, but the impact was relatively contained, and those sites were located outside China anyway.

Over the years, China has made concerted efforts to replace foreign IT systems with domestic alternatives across government, business, and critical infrastructure sectors. This parallel network has been described by analysts as the “splinternet,” reflecting China’s strategic approach to reducing its reliance on foreign technology for national security reasons.

Microsoft’s operations in China are managed by a local partner, 21Vianet, which isolates the company’s services from its global infrastructure. This setup helps insulate China’s essential services, such as banking and aviation, from disruptions originating outside the country.

It appears that Western countries’ bans on Chinese technology or restrictions on the use of Chinese-owned applications, driven by national security concerns, have resulted in a digital divide between China and the West. Ironically, being confined within a silo enabled China to escape the global IT outage.

‘God-Like’ access becomes the Achilles heel 

The idea that a cybersecurity software product could cause such widespread disruption might seem extreme. However, such security tools are, by their very design, deeply integrated into the core infrastructure of computer networks. They are granted extensive, “god-like” access to the inner workings of IT systems for legitimate, functional reasons. Such “Endpoint Protection” programs need to closely monitor all internal operations in order to identify and prevent potential malicious cyberactivity. While this access and control is critical to fulfil the intended purpose, it also means that any flaw within the security product itself can have severe, cascading effects across the entire network it is protecting.

 

 
